SpyDealer Trojan: Android Trojan is listening to phone calls

Android SpyDealer Trojan is here again

An old acquaintance is back. The SpyDealer Trojan is once again infecting Android devices. The Trojan has been active for two years and is stealing data from several apps that might be on your smartphone.

Read on to find out how the Android malware does this and why the Trojan is currently particularly active.

SpyDealer infects devices

The security experts at Palo Alto Networks are currently warning about the old and now rediscovered Android malware. It has apparently been active for two years and is stealing data from more than 40 known apps. Among them are the Facebook app, WhatsApp, Skype and Firefox. The Trojan Spyware, after infecting the device is able to steal private information. It has access to :

  • Phone numbers,
  • News,
  • Address books,
  • The call history,
  • The location and
  • Data over WLAN connections

SpyDealer Trojan has espionage function

It is not yet clear how the Trojan SpyDealer reaches your Android device. In China, some devices have been infected via WLAN, although the security researchers do not know yet if this is always the case. It is certain, however, that it has been active for at least two years. The latest infection is barely two months old and affects smartphones and tablets, which is why Palo Alto Networks suspects that the responsible cybercriminals continue to be active.

The spying function of the Trojan is very diverse. It can, among other things, record telephone conversations, record videos and listen to ambient sounds. But SpyDealer can also create screenshots of sensitive information and take pictures with all available cameras.

How does SpyDealer reach user rights?

But how does the Trojan reach the user’s rights? The Android malware secures the necessary user rights using a commercial rooting app. It is called Baidu Easy Root and uses various root exploits. The Trojan SpyDealer communicates with a command server on the Internet. This server allows the attackers to control both the malware and the devices compromised by it and to retrieve the collected data. This is uninformed by you.

Its full effect is only seen on Android 2.2 Froyo to Android 4.4 KitKat. Newer Android versions supposedly don’t support the Rooting tool. However, the older Android versions according to Google, currently have a market share of about 26 percent. As there are two billion Android devices worldwide, more than 500 million devices are vulnerable to this Trojan. Our Tip: Check what version your Android device has and try to install an update to a newer version.